Posted
by
kdawsonon Friday October 22, 2010 @04:30PM
from the but-we-didn't-inhale dept.

wiredmikey writes "Alan Eustace, Google's Senior VP of Engineering & Research, just put up an interesting blog post on how Google will be creating stronger privacy controls. Right at the end is an interesting admission: that after Streetview WiFi Payload data was analyzed by regulators, their investigations revealed that some incredibly private information was harvested in some cases. Eustace noted that 'It's clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords.'"

1. Make a copy of the hash2. Replace the hash with a hash of a known password3. Log in with the known password and do whatever you wanted to do with the account4. Replace the hash with the copy created in step 15. Delete the traces of the login so that the original user would not see the login information.

Google didn't abuse their position as Google to collect this data. Were they skimming emails, search terms, etc for passwords, that would be an abuse. However, they were driving around in a car with a wireless router, something I could do with about as much efficiency. The people whose data they collected didn't entrust it to Google to keep private; they were simply broadcasting data.

Certainly, Google has a responsibility to not collect, store, and use this data, but they didn't do that. They accidentally copied/pasted the wrong code segment, and ended up logging more than they intended to. Furthermore, once they discovered their mistake, they disclosed this information, and begin working with local governments to correct their mistake. I believe that they acted admirably in this situation; many other companies simply wouldn't have disclosed this information in order to protect their image.

Basically, unencrypted wifi connections are like running around shouting your secrets to the world. If you care about privacy, it's up to you to encrypt your connection from end-to-end.

Google happened to listen in on this stuff due to a configuration change, but without malicious intent. Now think of how trivial it would be for your neighbor's kid to listen in on your communication, skim your login information, and mess up your life.

Right. Google "accidentally" copied and pasted the wrong code segment, and "accidentally" ended up loggin more than they "intended" to. Wink. Wink. They also "accidentally" never noticed that their storage media was filling up must faster than originally planned.

Why would they be logging any information at all from unencrypted wifi? I drive around all the time with an iPhone and an iPad and I sometimes even "borrow" open wifi bandwidth. I have never once purposely or "accidentally" logged any information co

Look at it this way: If they'd meant to do it, they would have done a better job. They wouldn't have grabbed data from a moving vehicle, because they're not going to be in range of any single AP long enough to get anything coherent. They would have targeted somebody or something. They would have logged specific data; probably something they could sell to their advertisers. This all would have come up in the third-party review of the data. It didn't.

How do you 'accidently' collect complete emails ? If you are looking for routers then you collect router information. Collecting the payload (data) has to be actually programmed in. So if I write code to collect router names - it would require extreme incompetence on the planning part to collect payload.

There is no "collecting the payload", they just dumped everything moving in the network to disk.

When you want to catch as much data points as you can while driving by, just dumping the data stream is the mos

I t will eventually dawn on people that "free" never is, and I'm unsure just how high the price in the end will turn out to be. Privacy is not accidentally defined as a human right, but companies like Google and Facebook started their growth in an era of unprecedented attacks on the private sphere (appreciate your privacy? You MUST be a terrorist).

It will be interesting how they cope with the returning desire of people to control their own information. So far, the signs are not good.

Your right, it must be that army of a million monkeys pounding away on keyboards that produce these articles. Or perhaps dolphin noses randomly punching really big keys. Seems that way for anyone that reads the real news, and a few weeks later is served up stuff like this on/.

Exactly. they meant no harm by this: they just wanted to know where you ARE

Correct.

so the local ads server to your connection in the future would be more relevant.

Yes. That's the only reason. I'm sure no one finds location-aware applications useful for any other reason. I mean, why would I want to be able to look up businesses in my area? Or geotag photos? Or god knows what else? Yup, the only reason Google would be doing this is to target you with ads, and no one wants it but Google. Yup, makes se

knowing what local businesses are nearby through the use of a tool: is almost the definition of advertising.

If I asked for a piece of information and Google responded with exactly the information I wanted, I wouldn't consider the response to be advertising, and I certainly wouldn't be upset about receiving such information (and neither would any reasonable person IMHO).

While it might not be ethical to capture full packet dumps, they probably did it to triangulate wifi access points better. This is a problem of privacy, but not of outright evil.

Google is a big company full of a lot of really smart people. How is it that none of them analyzed the process or the results during the 'testing phase' to determine they might just get this type of data? Their intentions may not have been 'evil' but negligence is no excuse. Not acting to prevent this type of data being gathered in the first place is 'evil' enough.

How is it that none of them analyzed the process or the results during the 'testing phase' to determine they might just get this type of data?

Quality Assurance testing is three parts sweat and one part luck. If the testing was done in a neighborhood with no open wifi, they wouldn't see anything that would requiring fixing. Remember where Google lives: I would expect most wifi links to be either closed, or wide open (as in public access points in cafes).

They were running Kismet, by default it stores the information captured in a file. Google noticed this later and reported on themselves to give the governments involved the chance to tell them how to destroy the data. This was not intentional capturing, and it only captured what these people were willfully transmitting in the clear over the air.

Just to correct a point that keeps recurring, Google were not proactive in this issue and did not "report themselves".

Following the discovery [theregister.co.uk] that Street View cars were fitted with Wifi sniffing equipment, which raised queries from German and UK authorities, on 27 April Google responded with a blog post [blogspot.com] in which they said Google does not collect or store payload data. This was repeated in releases sent to data protection authorities.

Google is a big company full of a lot of really smart people. How is it that none of them analyzed the process or the results during the 'testing phase' to determine they might just get this type of data? Their intentions may not have been 'evil' but negligence is no excuse. Not acting to prevent this type of data being gathered in the first place is 'evil' enough.

Must we really rehash that here just for you?

Howbout using something to search the intewebs and find out how this happened. You could maybe use something like Google?

It was a very low level beacon capture that stored too much data by accident. But because it did capture the beacon packets (and because that is all google was interested in) the fact that more than beacons were picked up in clear text from people too stupid to secure their routers wasn't even noticed.

Well analyzed. I don't get peoples explosions at Google for doing exactly what they advertise they do: collect data, and sell targeted ads to companies, while trying to anonomise the data that other companies see.

And why did Privacy International place Google dead last out of 23 companies examined and described its actions as "comprehensive consumer surveillance and entrenched hostility to privacy"? Please stop this automatic defense of Google. As far as I'm concerned, the company that has the most information about me is the one that presents the greatest threat to my privacy. Saying that you trust Google not to abuse it is like saying you trust gravity not to cause you to fall because it is not evil.This is a smal

THERE is no reason why Google should be held accountable for DATA that is essentially floating in the middle of the street. NONE. The problem isn't GOOGLE doing anything wrong.

This is like the lady who dances naked in front of an open window and gets mad when people see her naked and start taking pictures. You want privacy, then close the shades and encrypt your data transmissions.

It is true the fundamental problem lies in a lack of security. But Google shouldn't be recording it, especially because their cars so thoroughly scan the country.

And your example of photographing someone in their house is not a good one, because that most likely breaks well-established privacy laws. Yes, even if the person left their window open, they likely have an expectation of privacy because they are in their home.

It is frequently illegal to access unsecured wifi if you are not an authorized user. Google's collection of data off an unsecured wifi network constitutes unauthorized access. In many places, it is illegal.

THAT is a LARGE reason why Google should be held accountable for DATA that is floating in the middle of a PRIVATE NETWORK. The problem is GOOGLE decided that the LAW didn't APPLY to THEM.

Tell you what, Mr Bad Analogy Guy, you move all your valuables out onto the middle of the street tonight and leave them there for a week for all passers by to peruse and see how much is still there next friday.

There is no expectation of privacy for things you broadcast to the world at large.

They did not Break into anything. They drove down the street, with their windows rolled down listening, and idiots like you were busy shouting your credit card numbers and sexual orientation fro

But, I would be truly peeved to learn that anyone was sitting out in the street and recording traffic for any significant period of time. You want to "glance" at my traffic the same way a regular person would "glance" into my house windows while walking down the sidewalk, that's reasonable. But you want to camp out on the sidewalk and point a camera into my windows 24x7 and save it all to a database for later use and I do have a problem with that - same as I would with a long

But, I would be truly peeved to learn that anyone was sitting out in the street and recording traffic for any significant period of time. You want to "glance" at my traffic the same way a regular person would "glance" into my house windows while walking down the sidewalk, that's reasonable.

Driving down the street at 25MPH would seem to fall into your definition of reasonable. No?

Google didn't sit outside of your house. That was probably the local cops you saw out there.

Google just drove down the road, with its well marked car, at just under the speed limit. Once. Months ago.

Leaving your door open still requires someone to go onto your property and actually depending on what they're doing in some instances they are allowed into your house if you leave your house open. All they have to do is say they were concerned that your house was attacked and stepped in to check on you.

Taking pictures of naked people viewable from the streets isn't illegal. The whole tabloid media makes huge chunks of money from doing that.

and who is going to get pinned at fault for all this? Google? the Consumer?

Personally: I think it should be equipment manufacturers. honestly: 99% of people want basic wep/wpa/wpa2 encryption. just build all consumer routers to REQUIRE it during setup, and provide a flash/an option to disable it.

for the 1% of people that want an unencrypted wireless router out of the box: they can stand to pay more, or learn enough about the cheap ones to know how to turn it off.

The reason they don't do that is that while nearly everybody wants the encryption actually setting it up is challenging for geeks. And that's sort of the challenge.

Things like WPS [wikipedia.org] help quite a bit, there's still a lot of devices like the Wii which aren't completely compatible with the standards making it a challenge to create something that's going to work reliably and easily.

uhhh.. maybe I'm out of the loop here: but it takes all of -zero- effort to setup encryption on a router.

I've likely been through twenty wireless routers in the last year, at least six major brands. never have I even had to think about the setup.

if manufacturers enabled it by default, throw a basic: "the key is [random string of characters] sticker on it" and match it in the firmware. hell, even if it's just basic WEP, it would still have prevented this whole fiasco.

or you do it link the cisco "valet" routers dothe box with the router has a flashkey in it with a setup wizard when you setup your router it dumps the settings to a file and then you can take that key and rerun the wizard (this time taking the LEFT turn at albekery ) and setup the client. Of course you then need to guard that flashkey sinc eit does have your network setting but...

WPA2 requires minimum passkey lengths of 8+ depending on implementation. [google.com] Anyone who's ever helped people satisfying the site requirements for new hotmail/banks knows that PC owners spend a good deal of effort getting around pw complexity. The difference is that at home, no IT admin is going to lock people out of the device and personally assist till they comply with a safe choice, when they can all pick "open."

IMHO: a required one. if this drives up the costs (of people being stupid): then the company can contribute some funds to the country in question's education system to ensure that kids learn to setup standards based access points, and solve the problem for the future.

Google did not drive around for the purpose of harvesting passwords from unsecured WiFi connections. It inadvertently recorded some data that was broadcast and somewhere buried in it were some e-mail addresses and passwords.

If someone stands at their front door with bullhorn shouting out their social security numbers, salaries, sexual orientation and other private details, it isn't the responsibility of passers-by to cover their ears.

It's more like arresting someone if they hear you shouting from your porch. When you choose to run an unencrypted access point, you are deliberately broadcasting that information to the public. One does not have to "spy" into your house; one only has to drive by while in possession of a laptop. I guess we should ban laptops.

I stand impressed at how hard you avoid the point. Hearing is not the issue. Retaining for commercial purposes is. To complete your analogy.Hearing me chatting on my porch is fine. Listening in on the conversation is unethical, but not illegal. Recording may not even be illegal, given you aren't using it for commercial purposes. But using that personal information for commercial purposes, without going through the proper channels (of which listening through the fence is not one) is definitely illegal.

If someone stands at their front door with bullhorn shouting out their social security numbers, salaries, sexual orientation and other private details, it isn't the responsibility of passers-by to cover their ears.

This is more like Google was going door to door, knocking on doors, turning knobs to see if they're unlocked, and sometimes going in and swiping souvenirs.

You see, an unlocked door is not an invitation to break in. The victim has some share of the blame, but the burglar gets most of it.

If someone stands at their front door with bullhorn shouting out their social
security numbers, salaries, sexual orientation and other private details, it
isn't the responsibility of passers-by to cover their ears.

But if a large number of people stand at their front door shouting out said information, is it ok for a passer-by to systematically drive through every possible street just so that they can hear and write down what is being shouted next to the address where it's being shouted from?

Google screwed up here, accidentally capturing all of this data. Why they didn't just delete it, rather than doing this whole "hair shirt" thing is more than a bit weird.

But: whose fault is it, actually? If you transmit a radio signal into the public domain, do you have any expectation of privacy? Seems to me that the people using unsecured networks share a large portion of the blame here.

For the obligatory car analogy: leaving your router unlocked is like leaving your car unlocked. Transmitting unencrypted login credentials using your unlocked router is like - what? Maybe parking your car in the Bronx and leaving the keys in the ignition?

Google screwed up here, accidentally capturing all of this data. Why they didn't just delete it, rather than doing this whole "hair shirt" thing is more than a bit weird.

The hand wringers and tin foil hat crowd would be up in arms when it was found out that some data was captured, and then the evidence destroyed.

I'm sure the temptation was there to dump it and move on. But "Don't Be Evil" won the day and they did the right thing.

Unfortunately, The governments involved (looking at you Canada) demanded the data, instead of telling Google to simply purge all Canadian data. Now all those passwords and email snippets are owned by the Canadian Government. And there are no clea

I think the car analogy doesn't fit well. You can't "unintentionally" find yourself behind the wheels of an unlocked car.

I think it'd be a bit more like walking around your house naked with all the curtains pulled wide open. Anyone that happens to be walking by outside has a good chance of unintentionally seeing your goods. If you don't want to give a peep show draw the curtains.

If someone is broadcasting their 'sensitive data' by shouting through a bullhorn for the whole world to hear, they shouldn't be surprised if someone wrote down what they heard, nor should they complain.

But they're not shouting through a bullhorn. They're "silently" and "invisibly" transmitting over the air, using a protocol they probably assume is secure. It is not obvious to anyone if a stream is encrypted until you try to read from it. It is like a burglar turning the knob on your front door, checking to see if you left it unlocked.

"Google Admits To Collecting Emails and Passwords." Yeah, it's called Gmail. At least the article summary was closer to reality than usual. Since we're on the subject: has anyone else been getting the suspicion that article summaries from other Slashdot editors lately are really kdawson also?

Let's post the same story every month, but change the headline with new and obvious information to suggest a new story. I mean seriously, did anyone doubt that somewhere in 6 gigabytes of random data snippets there wouldn't be a password or two? Of course there were. We already knew this. There's no news here except that Canada confirmed what Google already told us. Wow, thanks Canada.

This is simple confirmation of what was expected. Anyone who has spent some time sniffing unencrypted wifi traffic (i.e. wardriving) has likely seen the exact types of data that's being described. That Google's tools (and I suspect they were re-purposing the same OSS tools we all have access to) during extensive amounts of wardriving is no surprise. The real question is what Google had planned to do with this data.

There are plenty of people who haven't spent any time watching Kismet and ARE surprised at

Before people start freaking out about how evil Google is, I wanted to temper the rage by pointing out that Google's involvement is purely passive. Their collection techniques were solely collecting wifi payloads that were visible from the street, and never actually attempted communication with any routers. It would be a completely different story if Google had actively logged into routers and collected data, as that would be a major criminal violation. But they didn't.

How the hell is this google's fault anyway? If you don't want your "incredibly private" information in other's hands, then don't fucking broadcast it into the air unencrypted for anyone in a 500' radius to pick up and record. How is this different than reading your email into a radio broadcast and then being shocked (shocked) that someone recorded it by accident. This is stupid.

If you are using wireless, it's roughly the equivalent of standing in the public square with a megaphone and shouting your data to someone else on the other side of the public square. If you happen to speak a password, an e-mail, or transmit an image of a naked woman--everyone else in the public square can hear it--including Google if they happen to be driving by the public square.

But somehow everyone is freaking out. Google is teh evil because they happened to capture what someone was screaming at the

Ok hang on a second. Let's slow down with the inflammatory headlines here, okay? The Google Street View cars picked up partial hashes of data from unsecured routers. And as far as Google "admitting" to collecting the data, that was something they announced last May. So put down your rape whistle, kdawson, there's nothing sinister going on here.

Also, what's the same is that the idiots who are broadcasting their person info are still doing it at local wifi hotspots and their own wide-open home nets. They're lucky that it was Google who captured that data. If it was anyone else, no one would ever have known until something bad happened, or at all. Google can adapt and improve. Dumb users? Not so much.

Google is a very simple company in the grand scheme of things. All they want is to advertise to you.

All the free services they provide, allow them to get to know what you want, so their advertisements are better targeted: HOPEFULLY allowing you to find what you want.

I'm sorry: I fail to see the "evil" part of that. they don't sell customer information, they sell anonymous -group- information, and allow advertisers to target ads at those groups. I'm sorry, but I fail to see the evil in somebody knowin

I'm pretty sure that at a minimum they abide by all local laws regarding law-enforcement access to the data that they collect, and probably are 'friendly' enough to cooperate even when the law doesn't require it.

Maybe I haven't been looking, but I've yet to see one story about google standing up a warrant-less search request in the west. Wasn't there even some concern that they've made such searches super-easy for law-enforcement, giving them their own web-interface which would presumably only require the

As always: it's funny how many americans just don't understand that the world continued forward after the British attacked them in 1778. people in places of power are NOT ALWAYS OUT TO GET YOU.

though sometimes this mentality get's you burned: it's the only way we'll ever move forward as a species. loosing trust and assuming "trust no one but yourself" to be a statement of fact: will only lead to people destroying themselves.

Granted - that doesn't read as well. The headlines aren't as flashy. Which is a shame because in that same interview, what Schmidt says that's really telling is:

"If you really need that kind of privacy, the reality is that search engines - including Google - do retain this information for some time and it's important, for example, that we are all subject in the United States to the Patriot Act and it is possible that all that information could be made available to the authorities."

A limiter to your theory, however, is that all data has a "half life". Password and emails change. People move. People die. Over time the data in the database (sorry for the redundant redundancy) becomes more stale and inaccurate until, at some point in the future, using said database results in more "misses" than hits.

Except he might not like classical music anymore, he might have grown out of Sci Fi, and he might have moved from BDSM to scat. Habits change - there's a mistaken assumption out there that they stay the same - so you keep getting spammed for ads for new barbecue sets right after you just bought a new barbecue - umm hello. Waste of an ad.

Except the Canadian Privacy minister lacks the jurisdiction to sue for things allegedly done on foreign soil. Sure sue about violations of Canadian law in Canada, but Canadian law does not extend to places beyond Canada. Trying to enforce Canadian laws overseas is a really, really bad thing for everybody.

It's hard enough at times just dealing with international law, if all of a sudden you're having to worry about some foreign entity suing you for something which is perfectly legal in the local jurisdicti